
Re: [Samba] TLS 1.2 Support Samba-AD




On Wed, 2019-05-29 at 05:48 +0530, Anantha Raghava via samba wrote:
> Hi,
> 
> Does Samba-AD support TLS 1.2 for LDAPS? If yes, can someone give more
> details on its configuration?

Seems that it is enabled by default (tested with samba-4.9.x) [1]
 
openssl s_client -showcerts -connect mydc1.etc.com:636 [2]

[1] https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC

[2]
(...)
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: C45186405F3B55B472DFD075A27C1BA68A90D4BD4C72EE94BD7BD6F8F58E6283
    Session-ID-ctx:
    Master-Key: 40E62E425FF8AE4A491001576A97F7FB3EB54A326FD5D3BF0BDB392DE6FA137C60A98C1FC8A02B12103C64594DFE9785
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1559091178
    Timeout   : 7200 (sec)
    Verify return code: 21 (unable to verify the first certificate)
    Extended master secret: yes
---
closed






> Regards,
> Ananth
-- 
Sérgio M. B.
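
An added example, not part of the original message and not Samba's own code: a shell function that reads `openssl s_client` output like the above and reports protocol, cipher and verify code, returning non-zero when the protocol is older than TLSv1.2 or when the chain did not verify (the quoted output shows code 21). The function name, exit codes, sample text and CA file path are assumptions made for this example.

```shell
#!/bin/sh
# Added example: summarise `openssl s_client` output for an LDAPS check.
# Function name, exit codes and the sample text are assumptions of this example.

# Constructed sample, modelled on the session summary quoted in the message.
SAMPLE_OUTPUT='New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Verify return code: 21 (unable to verify the first certificate)'

# Reads s_client output on stdin and prints one summary line.
# Exit status: 0 = TLSv1.2 or newer and chain verified
#              1 = no session found, or protocol older than TLSv1.2
#              2 = protocol acceptable but certificate verification failed
check_ldaps_tls() {
    awk '
        /^[ \t]*Protocol[ \t]*:/ { proto  = $NF }
        /^[ \t]*Cipher[ \t]*:/   { cipher = $NF }
        /Verify return code:/    { code   = $4  }
        END {
            if (proto == "") { print "no TLS session found"; exit 1 }
            printf "protocol=%s cipher=%s verify=%s\n", proto, cipher, code
            if (proto != "TLSv1.2" && proto != "TLSv1.3") exit 1
            if (code != "0") exit 2
        }
    '
}

# Demo on the constructed sample (status 2: chain not verified).
printf '%s\n' "$SAMPLE_OUTPUT" | check_ldaps_tls || echo "check failed, status $?"

# Live use against a DC; the CA file path is a placeholder:
#   openssl s_client -connect mydc1.etc.com:636 -CAfile /path/to/ca.pem \
#       </dev/null 2>/dev/null | check_ldaps_tls
```
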

